Hi Vignesh, though we sometimes do document what is not possible, I'm not aware of a document that would explain why you cannot connect directly to RDS using SSM. So let me resort to a more generic answer:
SSM allows many more functions - and changes! - to an instance than just connecting to it. Having full SSM functionality on an RDS instance thus would undermine the Shared Responsibility Model we use for RDS (you could also say: it would violate the "Black Box" principle of RDS). Therefore, you need an intermediary instance that forwards the TCP Port exposed by RDS to your local machine.
- The RDS-specific Shared Responsibility Model is explaine in "Security in Amazon RDS"
- Our general overview of the Shared Responsibility Model
- In case you don't know already, the EC2 instance can be in a private subnet, too, as explained here: Securely connect to an Amazon RDS or Amazon EC2 database instance remotely with your preferred GUI
If this helped you, kindly mark my answer as "accepted". Kind regards, Uwe
Using Session Manager to connect RDS without having EC2 instanceAccepted Answer
Connect to Ec2 instance bastion via Session Managerasked 10 months ago
Unable to use Session Manager on EC2 instances in a private subnet with SSM VPC endpointAccepted Answerasked 3 years ago
Placing a Bastion in a Private Isolated Subnetasked 8 months ago
Session Manager for EC2 without internet accessAccepted Answerasked 2 years ago
From docker container need to connect RDS - Using Session Manager
What is the difference between EC2 Instance Connect and Session Manager SSH connections?Accepted Answerasked 3 years ago
Session Manager unable to connect to instance in public subnetAccepted Answerasked 3 months ago
Session Manager to connect ec2 instance cannot be enabledasked 3 months ago
Connect to RDS using SSMAccepted Answerasked 2 years ago